General

  • Target

    ZKMEkleQqDEiaJkkklgbtq.bin

  • Size

    512KB

  • Sample

    220626-g32csshher

  • MD5

    2af8d90b7f3fac6170869de920b2df72

  • SHA1

    7376431005032f186e6c6909e31c1399a6c171d5

  • SHA256

    9be19f07e2a06af1c622c9c6b7f139b4328f6baf971a7964844447bcff7e1814

  • SHA512

    c58941f4e5634ffb913d15d97e8b869e1e365fed5d408ecf73c0539f00a25c4ea2959c11d819ccea71da855dbf83daf1b40d83d71d286f2ecb3b51cc2d01fee2

Malware Config

Extracted

Family

dridex

Botnet

22203

C2

51.159.52.196:443

134.209.247.135:6602

194.233.68.48:5228

89.31.56.58:593

rc4.plain

Targets

    • Dridex

      Dridex (also known as Bugat/Cridex) is a family of malware that specializes in stealing banking credentials.

    • Dridex Loader

      Detects both the x86 and x64 Dridex loader in memory.

MITRE ATT&CK Matrix

Tasks